Security Posture
The Security Posture Dashboard provides visibility into cloud security health through monitoring, risk assessment, and dashboard widgets that surface actionable security insights.
Introduction
Use the dashboard to identify, prioritize, and remediate security gaps across the cloud environment. It aggregates security signals and organizes them into coverage metrics, network security controls, infrastructure configuration, and operational status.
Key Features
| Feature | Description |
|---|---|
| Endpoint protection visibility | Shows EPP and EDR coverage across powered-on VMs. |
| Expiration tracking | Monitors certificate expiration and compliance deadlines. |
| Configuration validation | Identifies risky firewall rules, exposed services, and misconfigured controls. |
| WAF protection status | Tracks load balancer WAF enforcement and encrypted traffic configuration. |
Common Use Cases
| Audience | Use cases |
|---|---|
| Security operations teams | Monitor EPP/EDR coverage, identify exposed VMs, manage certificate lifecycle, and audit risky firewall ports. |
| Delivery and infrastructure engineers | Validate new deployments, confirm VM protection status, review exposed VM lists, and monitor WAF configuration. |
Dashboard Overview
Dashboard data is scoped by tenant selection and can be filtered by business group. Most widgets include an external-link icon that redirects to the related product page for deeper investigation.
Widget Reference Guide
| Widget | What it communicates | Typical action |
|---|---|---|
| EPP Coverage | Percentage of powered-on VMs with endpoint protection status Online or Not Applicable. | Identify unprotected VMs and install EPP where required. |
| EDR Coverage | Percentage of powered-on VMs with endpoint detection and response status Online or Not Applicable. | Identify unprotected VMs and install EDR where required. |
| Exposed VMs | VMs with public IPs and incoming firewall rules from the internet with source set to Any. | Remove public IPs where possible, route through load balancers with WAF, or restrict source IPs. |
| Overview | Multi-domain risk visualization for certificates, firewall rules, WAF coverage, load balancer public traffic, and users. | Investigate red segments and remediate by domain. |
| Risky Firewall Ports | Firewall rules that permit traffic on commonly risky ports. | Remove direct internet access, restrict sources, or route through safer access patterns. |
| Certificates Status | Certificate common name, associated load balancers, and expiration status. | Renew expired certificates and start renewals within 90 days of expiration. |
| WAF and Public Load Balancer Configurations | Whether public load balancers have WAF enabled and encrypted traffic configured. | Enable WAF, move from transparent to blocking mode when ready, and fix plaintext traffic. |
| Users Overview | User accounts and last login status. | Review dormant accounts and run periodic access reviews. |
Warning
Exposed VMs increase attack surface. Review whether the VM must be exposed directly, or whether traffic should go through a load balancer with WAF protection.
Risky Port Categories
| Category | Ports |
|---|---|
| Administrative and remote access | SSH tcp/22, RDP tcp/3389, Telnet tcp/23, VNC tcp/5900 |
| Database services | MSSQL tcp/1433, tcp/1434; MySQL tcp/3306; PostgreSQL tcp/5432 |
| File transfer and sharing | FTP tcp/21; SMB tcp/445, udp/445, tcp/137-139, udp/137-139 |
| Email services | SMTP tcp/25 |
| Web application services | HTTP tcp/80 |
| Network infrastructure | DNS tcp/53, udp/53 |
| Unrestricted network access | All TCP tcp/1-65535; all UDP udp/1-65535 |
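The following added example (not part of the product or its documentation) shows how the Exposed VMs definition and the port categories above can be applied to an offline inventory export for an independent audit. The inventory schema (`name`, `public_ip`, `rules` as protocol, first port, last port, source) and the function names are assumptions made for illustration; the sample data is constructed.

```python
from ipaddress import ip_network

# Port categories transcribed from the table above as (protocol, first, last).
RISKY_PORTS = {
    "Administrative and remote access": [("tcp", 22, 22), ("tcp", 3389, 3389), ("tcp", 23, 23), ("tcp", 5900, 5900)],
    "Database services": [("tcp", 1433, 1434), ("tcp", 3306, 3306), ("tcp", 5432, 5432)],
    "File transfer and sharing": [("tcp", 21, 21), ("tcp", 445, 445), ("udp", 445, 445), ("tcp", 137, 139), ("udp", 137, 139)],
    "Email services": [("tcp", 25, 25)],
    "Web application services": [("tcp", 80, 80)],
    "Network infrastructure": [("tcp", 53, 53), ("udp", 53, 53)],
}
ALL_PORTS = (1, 65535)  # the "Unrestricted network access" row

def is_any_source(source):
    """True for 'any' or a zero-length prefix such as 0.0.0.0/0 or ::/0."""
    if source.strip().lower() == "any":
        return True
    try:
        return ip_network(source, strict=False).prefixlen == 0
    except ValueError:
        return False

def risky_categories(protocol, first, last):
    """Categories whose listed ports overlap the rule's port range."""
    hits = [name for name, entries in RISKY_PORTS.items()
            if any(p == protocol and first <= hi and lo <= last for p, lo, hi in entries)]
    if (first, last) == ALL_PORTS:
        hits.append("Unrestricted network access")
    return hits

def audit(vms):
    """Map each exposed VM (public IP plus source-Any rule) to its risky categories."""
    findings = {}
    for vm in vms:
        if not vm["public_ip"]:
            continue  # no public IP: outside the Exposed VMs definition
        cats = {c for proto, lo, hi, src in vm["rules"] if is_any_source(src)
                for c in risky_categories(proto, lo, hi)}
        if cats:
            findings[vm["name"]] = sorted(cats)
    return findings

# Constructed sample inventory (hypothetical schema, documentation IP ranges).
SAMPLE_VMS = [
    {"name": "web-01", "public_ip": "203.0.113.10",
     "rules": [("tcp", 443, 443, "any"), ("tcp", 20, 25, "0.0.0.0/0")]},
    {"name": "db-01", "public_ip": None, "rules": [("tcp", 5432, 5432, "any")]},
    {"name": "jump-01", "public_ip": "203.0.113.20",
     "rules": [("tcp", 22, 22, "198.51.100.0/24"), ("udp", 1, 65535, "::/0")]},
]
```

Port ranges are matched by overlap, so a rule such as tcp/20-25 is reported under every category it covers even though no single listed port appears in the rule verbatim.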
Recommended Review Cadence
| Cadence | Review |
|---|---|
| Daily | Expired certificates, new exposed VMs, and offline EPP/EDR agents. |
| Weekly | Risky firewall ports and certificate expirations within 90 days. |
| Monthly | Full dashboard review across all widgets. |
| Quarterly | Access reviews. |